“Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction,” “If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that’s exactly where we are today.” he told during his speech.

Consider also China that is probably the most aggressive state, according to the US intelligence the Government of Beijing has its malware already used in different state-sponsored attacks.

Also European governments are very active in the development of state-sponsored malware, German police and customs officials have used in the past a malicious code dubbed R2D2. The Trojan also referred to as “0zapftis” or “Bundestrojaner”, was able to track and collect data on victims’ PC, including Skype conversations. Other countries very active are the Sweden, that has developed its malicious code, and Russia that is investing to improve its cyber arsenal.

In time I’m writing the security community is evaluating the possibility that advanced Uroburosrootkit that has been infecting networks since as far back as 2011, is a modular spyware of the Russian government cyber weapons programme.

Hyppönen was involved in the investigation on Stuxnet, and he discovered that was possible to make a reverse engineering of the detected samples to build new agents and hit new types of targets.

In the case of Stuxnet it was hard to modify the code related to the attack against industrial SCADA control systems, but anyway, the malware could be adapted to sendmalicious commands to an infected industrial plant that could cause serious damages.

These agents are very effective and adopt complex techniques to deceive victim’s systems, the Flame malware, for example, used a false Windows Update system to spread itself, but malware authors were able to sign malicious code to allow target infection without raising suspects.

Recently security experts at Kaspersky lab identified a new malware family used in a large-scale cyber espionage campaign dubbed the Mask, probably the most sophisticated APT operation seen to date that hit entities in 31 different countries. The agents behind The Mask are Spanish-speaking and exploited at least a zero-day in their campaign, distributing the Mask malware on every OS including Mac OS X, Linux, and perhaps even iOS and Android.

Many experts argue that the anti-virus companies, in some cases, have not prevented the spread of malware because they agreed with the governments.

The Dutch campaign group called Bits of Freedom invited principal antivirus vendors to reveal any request to whitelist some kinds of malware being designed by the government, Hypponen claimed that Symantec and McAfee have not yet responded.

“The question was answered by our CEO saying ‘No, we haven’t’, we have never whitelisted any government malware since the source doesn’t come into play – we simply protect all our customers,” “We’ve had this policy for 13 years.” said Mikko Hyppönen.

If antivirus companies are whitelisting state malware there will be the concrete risk that Government-built malware and cyber weapons will run out of control.

Share On

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.